Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...

Storm-2561 is relying on SEO poisoning to distribute fake VPN clients that install trojans and steal users’ credentials.

What looks like a legit VPN download could be a trap, as SEO poisoning is being used to steal corporate logins.

Windows Update can update drivers, sure, but BIOS/UEFI updates are another beast entirely. They patch critical security gaps and need to be checked manually.

The financially motivated group has been active since May 2025, impersonating Fortinet, Ivanti, Cisco, and other vendors to steal corporate credentials.

Storm-2561 spreads fake VPN installers via SEO poisoning and GitHub downloads, stealing enterprise VPN credentials with Hyrax malware.

Looking for a photo? Need a quick peek at your documents? File Explorer can help you get it done—if you know these tricks.

Bridging the gap between standard PCs and workstations.

The malware is designed to steal the victim’s VPN login credentials. According to Microsoft, the attack uses search engine optimization (SEO) poisoning to push websites hosting the malicious VPN ...

In our latest national state law update, we review state laws that have gone into effect or were enacted in 2026. Below is a non-exhaustive summary ...

The Efimer malware campaign is hijacking Google SEO to drain the crypto wallets of Oscar fans hunting for free movies, Cybernews researchers found.